Automatically Generating IPv6 Addresses for an Interface

Problem

You want to enable IPv6 and generate addresses automatically.

Solution

There are two methods for generating IPv6 addresses automatically. The first uses the autoconfig command:

Router1#configure terminal 
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#ipv6 unicast-routing
Router1(config)#interface FastEthernet0/0
Router1(config-if)#ipv6 address autoconfig
Router1(config-if)#end
Router1#

The second method uses the EUI-64 method to automatically generate only the host part of the IPv6 address, combined with a defined network portion:

Router1#configure terminal 
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#ipv6 unicast-routing
Router1(config)#interface FastEthernet0/0
Router1(config-if)#ipv6 address AAAA::/64 eui-64
Router1(config-if)#end
Router1#

 

Discussion

Throughout this chapter you will see the following command frequently:

Router1(config)#ipv6 unicast-routing

By default, the router will not route IPv6 packets. You can configure interfaces with IPv6 addresses, and you can even use IPv6 applications such as PING and TELNET to communicate to and from these routers. And, somewhat confusingly, you can configure static IPv6 routes to allow the routers to do simple IPv6 networking. But without this command, you cannot enable any IPv6 routing protocols. So, even though we are not using any routing protocols in this recipe, we have enabled the ipv6 unicast-routing command because it is a good practice and will help to avoid confusion later on when you do want to run routing protocols.

The first method described in this recipe uses the autoconfig command. This does two things. First, it automatically generates a Link-Local address for use on the local network segment. As we discussed in the Introduction to this chapter, Link-Local addresses are valid IPv6 addresses that can be used to communicate with other devices on the segment, but that do not "leak" off of it. So it is not possible to route packets to these addresses.

So why would you want to configure a link-local address on a router? Well, the short answer is that RFC 4291 says that every interface must have one. The rationale is that you don't need a globally scoped address for any situation where the interface in question is neither the source nor the destination for a packet.

For example, suppose you have two routers connected by an Ethernet segment. If the first router recives a packet that it wants via the second router, the next hop address in its routing table doesn't need to be accessible off the segment. And there are many situations like this when the link-local address can be used, either because the packets are exchanged purely between neighbors or because the address doesn't appear in the packet header but is only used for routing decisions:

Router1#show ipv6 interface FastEthernet0/0
FastEthernet0/0 is up, line protocol is up
 IPv6 is enabled, link-local address is FE80::20E:D7FF:FED6:4D80
 No global unicast address is configured
 Joined group address(es):
 FF02::1
 FF02::1:FFD6:4D80
 MTU is 1500 bytes
 ICMP error messages limited to one every 100 milliseconds
 ICMP redirects are enabled
 ND DAD is enabled, number of DAD attempts: 1
 ND reachable time is 30000 milliseconds
Router1#

The address that the router generates this way uses the standard link-local prefix FE80::/10 and the EUI-64 version of the MAC address for the last 64 bits. We will discuss the EUI-64 encoding in a moment.

The second thing that this command does is check for any available IPv6 DHCP servers. If DHCP is available on the local network segment, then the router will automatically attempt to use this protocol to acquire a more general IPv6 address. If a DHCP server is available, the router will automatically discover and download an appropriate configuration. For more information on DHCP for IPv6, please refer to Recipe 25.3.

The other method shown in the Solution section of this recipe uses the EUI-64 keyword:

Router1(config)#interface FastEthernet0/0
Router1(config-if)#ipv6 address AAAA::/64 eui-64

In this case, the router will automatically use the MAC address of the interface to generate the host portion of the IPv6 address. In this case, the network portion of the address is AAAA::/64. Then, if we look at the interface with the show ipv6 interface command, we can see what the actual address is:

Router1#show ipv6 interface FastEthernet0/0
FastEthernet0/0 is up, line protocol is up
 IPv6 is enabled, link-local address is FE80::20E:D7FF:FED6:4D80
 Global unicast address(es):
 AAAA::20E:D7FF:FED6:4D80, subnet is AAAA::/64
 Joined group address(es):
 FF02::1
 FF02::1:FFD6:4D80
 MTU is 1500 bytes
 ICMP error messages limited to one every 100 milliseconds
 ICMP redirects are enabled
 ND DAD is enabled, number of DAD attempts: 1
 ND reachable time is 30000 milliseconds
Router1#

We can use the show interface command to see the 48-bit MAC address for this interface:

Router1#show interface FastEthernet0/0
FastEthernet0/0 is up, line protocol is up
 Hardware is AmdFE, address is 000e.d7d6.4d80 (bia 000e.d7d6.4d80)
 Internet address is 192.168.1.3/24
 MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
 reliability 255/255, txload 1/255, rxload 1/255
 Encapsulation ARPA, loopback not set
 Keepalive set (10 sec)
 Full-duplex, 100Mb/s, 100BaseTX/FX
 ARP type: ARPA, ARP Timeout 04:00:00
 Last input 00:00:00, output 00:00:00, output hang never
 Last clearing of "show interface" counters never
 Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
 Queueing strategy: fifo
 Output queue: 0/40 (size/max)
 5 minute input rate 0 bits/sec, 0 packets/sec
 5 minute output rate 0 bits/sec, 0 packets/sec
 10879 packets input, 839782 bytes
 Received 8284 broadcasts, 0 runts, 0 giants, 0 throttles
 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
 0 watchdog
 0 input packets with dribble condition detected
 12137 packets output, 908637 bytes, 0 underruns
 0 output errors, 0 collisions, 2 interface resets
 0 babbles, 0 late collision, 0 deferred
 0 lost carrier, 0 no carrier
 0 output buffer failures, 0 output buffers swapped out
Router1#

As you can see, the interface is now using the address AAAA:: 20E:D7FF:FED6:4D80. The 48-bit MAC address on this interface is 000e.d7d6.4d80. There is a unique correspondence between the host portion of the IPv6 address and this globally unique Ethernet MAC address. The EUI-64 encoding is defined in RFC 4291. For the full details, we encourage readers to refer to that document, but we will summarize the scheme here.

The IEEE 802 standard 48-bit MAC address used on Ethernet interfaces has a well-defined format. The first 24 bits specify the vendor Organizationally Unique Identifier (OUI), which identifies the manufacturer or the equipment. The remaining 24 bits specify an individual interface. The vendor portion of the MAC address has 2 special bits in locations 7 and 8. Bit 7 is the "scope" indicator. If this bit is equal to zero, then the MAC address has global scope, meaning that it can be used anywhere. If it is equal to one, then it has local scope, which usually means that it has been redefined for local purposes. Bit 8 is the "individual/group" bit, which specifies whether this MAC address is to be used by a single device or a collection of devices.

The first rule for converting 48-bit MAC addresses to IPv6 EUI-64 format host addresses is to flip the scope bit. If it is zero, make it one, and vice versa. The second rule, which is just required to pad the 48-bit address to 64 bits, is to insert the hex value 0xFFFE in between the vendor and host portions of the MAC address. So, in our case, when the MAC address is 000e.d7d6.4d80, the second octet must change from 0x00 (0000 0000 in binary) to 0x02 (0000 0010 in binary). Then, when we insert the hex value 0xFFFE, we get 020e.d7ff.fed6.4d80. Adding this as the host portion of the address to the prefix that we specified, AAAA::/64, we get AAAA::020E:D7FF:FED6:4D80/64.

The great advantage to this method of addressing is that you can configure exactly the same commands on every device on a segment, and allow each device to ensure that it has a unique IPv6 address. In fact, you can keep your configurations very simple by just having to worry about the prefixes for each network segment.

The disadvantage to this method, however, is that you will not generally know ahead of time what the full IPv6 address for each device is, only that they will be unique. If you use this method, you must do your record keeping after the fact rather than as part of the design process. This implementation method is quite foreign to the usual models of network design for IPv4 networks.

See Also

Recipe 25.3; RFC 4291

Router Configuration and File Management

Router Management

User Access and Privilege Levels

TACACS+

IP Routing

RIP

EIGRP

OSPF

BGP

Frame Relay

Handling Queuing and Congestion

Tunnels and VPNs

Dial Backup

NTP and Time

DLSw

Router Interfaces and Media

Simple Network Management Protocol

Logging

Access-Lists

DHCP

NAT

First Hop Redundancy Protocols

IP Multicast

IP Mobility

IPv6

MPLS

Security

Appendix 1. External Software Packages

Appendix 2. IP Precedence, TOS, and DSCP Classifications

Index



Cisco IOS Cookbook
Cisco IOS Cookbook (Cookbooks (OReilly))
ISBN: 0596527225
EAN: 2147483647
Year: 2004
Pages: 505

Flylib.com © 2008-2020.
If you may any questions please contact us: flylib@qtcs.net